Legacy security systems and practices are often not sufficient to protect companies’ expanding use of cloud and mobile technologies, according to a CompTIA study.
Malware and hacking are still the top threats causing concern, with nearly half of all companies citing these as serious concerns.
"One of the most important things that small businesses can do is to form a policy around security," Seth Robinson, senior director, technology analysis, CompTIA, told eWEEK. "Only 44 percent of SMBs say that they have a comprehensive security policy in place. The key part in forming a policy is having discussions across an organization to ensure that everyone is on the same page."
ComTIA’s online survey of 700 U.S. business and technology professionals also found that just over half (54 percent) of companies offer some form of cybersecurity training, which is typically done during new employee orientation or an annual refresher course. However, there are few metrics to evaluate the effectiveness of this training.
The survey also indicated that companies are bringing in new security technologies to go along with the new mobile and cloud technologies they’re using.
Data loss prevention (DLP) is one of the most common new tools, currently in use by 58 percent of companies.
Identity and access management (IAM) and security information and event management (SIEM) both showed strong growth in adoption, at 57 percent and 49 percent.
"The biggest challenge with security today is the broad scope that must be covered in building a strong defense. A traditional security scheme would focus on tools such as firewall and antivirus," Robinson said. "The mistake many companies make today is continuing to focus on these types of tools while ignoring other tools such as DLP and IAM. In addition, businesses must put much more effort into processes such as risk analysis and workforce issues such as training. A broader scope requires a more extensive resource commitment."
Just over half of the companies surveyed (52 percent) say greater interconnectivity has complicated their security.
"Up to this point, many security breaches in the headlines have involved standard security errors that have occurred at a massive scale," Robinson said. "Cyber criminals have been able to use many familiar forms of attack since they continue to be effective. As companies move forward with cloud computing and mobility, they will create new vulnerabilities."
He warned that cyber criminals will move to exploit these vulnerabilities as the potential for profit increases. This will force companies to put up new defenses while still maintaining the old ones.